HostOnNet Blog

SYN_RECV DDoS attack on CentOS Server


For the last few days, a server has been getting too many SYN_RECV attacks.
I tried to stop it with APF antidos and mod_evasive.
It stopped the attack. But today it started again, maybe with more strength; there were more than 1500 SYN_RECV requests, and Apache stopped working.
Today I banned a few attacker IPs with APF firewall.
netstat will show the number of connections each IP has. Banning IPs with too many SYN_RECV connections will help if the attack is not spoofed.

# netstat -n -p | grep SYN_RECV | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -n

To block an IP with APF Firewall, use
# apf -d IPADDRESS
With CSF, use
# csf -d IPADDRESS
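
The per-IP SYN_RECV count from the netstat step above, as an added example that is not part of the original post: it also handles IPv6 and IPv4-mapped remote addresses, for which splitting on the first `:` returns an empty field. The function names, the default threshold of 20 and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: count SYN_RECV (half-open) connections per remote address.
# Reads `netstat -n` output on stdin and prints "count address" for every
# address at or above the threshold, busiest first.
syn_recv_offenders() {
    threshold="${1:-20}"   # assumed default; tune to the server's normal load
    awk -v min="$threshold" '
        $6 == "SYN_RECV" {
            addr = $5
            sub(/:[0-9]+$/, "", addr)   # strip only the trailing :port
            sub(/^::ffff:/, "", addr)   # unwrap IPv4-mapped IPv6 addresses
            count[addr]++
        }
        END {
            for (a in count)
                if (count[a] >= min) print count[a], a
        }' | sort -k1,1nr -k2,2
}

# Constructed sample (documentation address ranges), not captured traffic.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 192.0.2.10:80           203.0.113.7:51514       SYN_RECV    -
tcp        0      0 192.0.2.10:80           203.0.113.7:51515       SYN_RECV    -
tcp        0      0 192.0.2.10:80           203.0.113.7:51516       SYN_RECV    -
tcp        0      0 192.0.2.10:80           198.51.100.23:40112     SYN_RECV    -
tcp        0      0 192.0.2.10:80           198.51.100.23:40113     ESTABLISHED 2211/httpd
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.23:40114 SYN_RECV -
tcp6       0      0 2001:db8::10:80         2001:db8::beef:50001    SYN_RECV    -
tcp6       0      0 2001:db8::10:80         2001:db8::beef:50002    SYN_RECV    -
EOF
}

# On a live server: netstat -n | syn_recv_offenders 20
sample_netstat | syn_recv_offenders 2
```

Review the listed addresses before passing any of them to `apf -d` or `csf -d`.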
